Hi Chris,

Yes, my last rule logs everything that is dropped - this is how I discovered the IPs of the outgoing lo packets...

----- Original Message -----
From: "Chris Wilkes" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 08, 2002 5:33 PM
Subject: Re: WHICH IS THE RIGHT IP FOR THE 'lo' INTERFACE?

> On Fri, Mar 08, 2002 at 05:02:38PM -0300, Bruno Negrão wrote:
> > Hi all,
> > I had a rule like this:
> > iptables -P OUTPUT DROP
> > iptables -A OUTPUT -p ALL -o lo -s 127.0.0.1 -j ACCEPT
> > This way, my firewall was dropping a lot of legitimate packets
> > originated from lo which use the source IPs of the internal or
> > external interfaces (instead of 127.0.0.1).
>
> How about as your last rule in your OUTPUT/INPUT tables to mark the
> packets that are dropped? That way you can see what's being dropped and
> why.
>
> Who is 127.0.0.1 trying to communicate with? Probably another local
> address to the machine like 10.0.0.254. Did you enable communication
> back the other way like with a
> -i lo -d 127.0.0.1
> ? That could help out.
>
> But again I would stress -j LOG --log-prefix "DROP " marking all dropped
> packets so that you can see where it is going wrong.
>
> Chris
>
>
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
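
Added example, not part of the original thread: with a final LOG rule using the prefix "DROP " in place, as suggested above, this script tallies dropped packets by output interface and source address and lists the sources seen on lo that fall outside 127.0.0.0/8. The log lines are constructed and abbreviated, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed, abbreviated kernel log lines as written by a final
#   iptables -A OUTPUT -j LOG --log-prefix "DROP "
# rule. All addresses are made up for illustration.
sample_log() {
cat <<'EOF'
Mar  8 17:40:01 fw kernel: DROP IN= OUT=lo SRC=10.0.0.254 DST=10.0.0.254 LEN=60 TTL=64 PROTO=TCP SPT=1025 DPT=25
Mar  8 17:40:04 fw kernel: DROP IN= OUT=lo SRC=10.0.0.254 DST=10.0.0.254 LEN=60 TTL=64 PROTO=TCP SPT=1025 DPT=25
Mar  8 17:40:07 fw kernel: DROP IN= OUT=lo SRC=192.0.2.10 DST=192.0.2.10 LEN=84 TTL=64 PROTO=ICMP TYPE=8 CODE=0
Mar  8 17:40:09 fw kernel: eth0: link up
Mar  8 17:40:12 fw kernel: DROP IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TTL=64 PROTO=TCP SPT=1030 DPT=80
EOF
}

# Read log lines on stdin and print "count out-interface source" for
# every line carrying the DROP prefix. An empty OUT= (as logged from the
# INPUT chain) is shown as "-" so the columns stay aligned.
summarize_drops() {
  awk -v prefix="DROP" '
    {
      hit = 0; out = ""; src = ""
      for (i = 1; i <= NF; i++) {
        if ($i == prefix)      hit = 1
        else if ($i ~ /^OUT=/) out = substr($i, 5)
        else if ($i ~ /^SRC=/) src = substr($i, 5)
      }
      if (out == "") out = "-"
      if (hit && src != "") n[out " " src]++
    }
    END { for (k in n) print n[k], k }
  ' | LC_ALL=C sort -k2,2 -k3,3
}

# Sources dropped on lo that are not loopback addresses: these are the
# local interface addresses a "-s 127.0.0.1" match fails to cover.
lo_non_loopback_sources() {
  summarize_drops | awk '$2 == "lo" && $3 !~ /^127\./ { print $3 }'
}

sample_log | lo_non_loopback_sources
```

On a live system, feed the functions the kernel log instead of `sample_log`; where that log lives depends on the syslog configuration.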
